Senior bank staff are failing to take the threat of cyber attack seriously, the Bank of England has claimed, treating it as a purely ‘technical’ issue rather than addressing risks at board-level.
Minutes of the Bank’s Financial Policy Committee hearing on 8 December highlighted the need for the financial sector to improve cyber attack resilience, after receiving self-assessment forms from major banks and financial market infrastructure firms.
The FPC noted a “tendency among firms to view cyber threats as a technical problem, rather than an issue which merits Board-level attention given the evolving nature of cyber threats and the key importance of cyber resilience to continuity of financial services”.
Efforts were being made to agree “timetables for remediation”, but the FPC, which is charged with reducing system risk to the sector, said that there was no evidence of any “critical shortcomings”.
It also pointed to the launch of a security vulnerability testing framework, known as CBEST, in June, with some financial sector firms in advanced discussions to take part in the simulations.
Last week, the FPC published its 2014 ‘Financial Stability Report’ which claimed that cyber attacks are a “key risk” to the UK financial sector, pointing to the theft of data on 80 million customers at US bank JP Morgan earlier this year.
It also said that banks were failing to take actions to reduce risk of both cyber attack and IT failures.
The Bank of England is also the target of frequent attempts to hack into its systems each week, with hacktivists and nation states the most common culprits.